ai-threat-testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The package is an explicit offensive testing framework that documents and provides playbooks for data exfiltration (token/credential/system-prompt extraction, model/data reconstruction), remote code execution/backdoors (exec payloads, persistence mechanisms), credential theft, privilege escalation and unauthorized API actions, supply‑chain tampering, logging/forensic evasion (log deletion, monitoring bypass), and obfuscation techniques — all of which enable deliberate malicious abuse if used outside authorized, controlled assessments.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs ingestion and manipulation of untrusted third‑party content—see SKILL.md Quick Start (target LLM app URL, RAG system) and reference/llm08-vector-poisoning.md (web crawling, document injection, RAG/vector DB retrieval)—so agents are expected to read and act on arbitrary public web/docs that could carry malicious instructions.